TrueCrypt alternative CipherShed is not dead
CipherShed was one of a handful of TrueCrypt encryption software alternatives that emerged shortly after the developers of TrueCrypt dropped the software and development like a hot stone.
We reviewed the initial version of CipherShed back in 2014 when the development team released a first screenshot of the upcoming interface and revealed its plans.
The team released a pre-alpha version at the end of 2014 but no new version afterwards, and it is likely that many users who were interested in the project moved on to other projects such as VeryCrypt which offer similar functionality and are updated frequently.
CipherShed 0.7.4.0, the first non-alpha version of the application, was released in February 2016, more than year after the release of the initial pre-alpha version the team released.
You get a rebranded version of TrueCrypt more or less with CipherShed. That's not the only change though that went into the new build of the encryption software.
The team lists the following changes on the official website:
- Mitigation of various buffer overflows
- Address 100% CPU usage in boot loader (mostly relevant to VMs)
- Address CVE-2015-7359: Local Elevation of Privilege on Windows caused by incorrect Impersonation Token Handling.
- Address CVE-2015-7358 (critical): Local Elevation of Privilege on Windows by abusing drive letter handling.
- Apache 2.0 is now our contributor license
- Build process is a bit cleaner
- Signatures are made in both SHA1 and SHA2 for verification on a wider variety of Windows
- Code coverage is being implemented
CipherShed's development team fixed several of the security issues that were identified during TrueCrypt's audit. The roadmap lists this as a short-term audit response, but that is not really the case considering that it took more than 10 months to fix those issues.
The program is compatible with TrueCrypt containers and encryption formats, and it can be used as a direct replacement of the software even on systems where data that has been encrypted using TrueCrypt is already present.
As far as the future is concerned, one of the next big steps in development will be support for UEFI boat loaders which will enable users on Windows 8 and newer versions of Windows to use full disk encryption without having to switch boot platforms.
Plans to audit the source code and replace copyrighted code to allow CipherShed to be included in Linux distributions are other major steps the team plans to take in the future.
You can check out the project's roadmap on the official Wiki.
Closing Words
Most users who are still using TrueCrypt to protect their files or have already switched to one of the available alternatives wonder probably whether CipherShed is the right program for them.
Probably the main issue here is that it is unclear how fast development will progress from this point onward. While it is possible to use the program as is currently, projects like VeraCrypt are more active currently.
Now You: Which encryption software are you using currently?
nahh
they already cracked veracrypt long time ago
and patched it by themselves
and suprised that developers
still do not know about it
if the government
seen the hole
they wont told it to the developers
if you are a good very good programmer
if you did seen one…
would you…
i would search someone
who wanted to pay to crack it
———-
government forced to shutdown truecrypt
because…
until now they cant cracked it
VeraCrypt – Because TrueCrypt died, and one of the main developers of Ciphershed works for the USA agency DISA.
See: https://www.reddit.com/r/TrueCrypt/comments/2ru5xb/main_ciphershed_truecrypt_fork_developer_works/
Do you really trust an employee of the USA Defense Information Systems Agency to secure your data?
Then again. Maybe I work for DISA, and VeraCrypt is backdoored by us, so I’m pushing you away from CipherShed?
– J S
Ciphershed all the way because it just works
VeraCrypt all the way…
License note: hopefully it’s just a case of needing to update the page but the wiki is still listing the license as to-be-determined: https://wiki.ciphershed.org/License Assuming that’s just an issue of delay, I’m very happy with an Apache license: it will keep the Linux people happy, allows commercial integration, and addresses software patents (as every open license should). By way of comparison, the main alternative project Veracrypt is also Apache 2.0 so presumably the two projects could borrow code from one another.
Also — speaking of standards — I wish their wiki would use “MediaWiki” (used by Wikipedia) rather than “Moinmoin” but whatever.
Typos UEFI boat loaders and as VeryCrypt
I am a loyal fan of TrueCrypt, sorry. Those guys were genius, and even made MS come up with it’s own Bit-locker; which i don’t trust in at all to be honest.
I found TrueCrypt 7.1a buggy to the point of unusability on Windows 10, where something seemed to be intefering with its ability to interact with Windows Explorer. It was all around buggy and crashed way more often than it did on Win 7 before I upgraded. It also failed to unmount volumes reliably, and I would come back from a reboot to find my encrypted volume still mounted and accessible.
Tried VeraCrypt but the performance left me unimpressed. It took forever to mount volumes, and since I mount and unmount volumes multiple times in a session, this was huge for me. Plus, converting my large TrueCrypt volumes to VeraCrypt volumes (or copying over all the files) seemed like a time-consuming chore so I left it at the bottom of my list.
CipherShed hit the sweet spot for me. Fast as TC, works with my existing volumes as they are, and all the bugginess is gone under Windows 10. This is the one I’ll be using for the forseeable future. If it’s not upgraded that often, so what? It works as is and it’s still more often than TrueCrypt!
LoL, you are worried about security and privacy, yet you use windows 10, LoL, if i were you i would be more worried about windows 10
havent thought about encryption in a while. thanks for jogging my memory. i was impressed by comments on truecrypt 7.1a. even more impressed with grc comments : https://www.grc.com/misc/truecrypt/truecrypt.htm ….so grabbed a copy there along with the user guide. i dont hide any earth-shaking secrets but love to learn. am currently using safehouse explorer and have found that easy for day to day use on hard drives or flash. thanks again Martin for your info…and by the way, your use of English is getting so good its scary. haha
Unless you are a senior insider at some agency like NSA, CIA, KGB, MI6, etc. …. there isn’t a reliable method to verify which of the available encryption methods have already been compromised or not.
In the absence of hard evidence, it might be better if we remain scattered – and continue to support a wide variety of encryption software methods. Theoretically, it makes life more complicated for the crypto-busters, and slows down their progress.
7.1a of TrueCrypt still
TrueCrypt 7.1a because having nothing to hide there’s no point in using VeraCrypt :)
Bah, I always remained skeptical about alleged TrueCrypt vulnerabilities. Strange story. But I may be mistaking. If I had highly confidential data I wouldn’t take the risk. But if anyone opened the vault they’d find no more than pictures, videos of Mrs. Xyz and myself playing mom & dad in a cheap hotel in the suburbs of Santa Cruz. Nothing really important.
I concur. Always suspicious of TrueCrypt’s demise – paid off or scared off – one or the other I remain convinced. I still use Truecrypt 7.1a – if there are vulnerabilities I’m sceptical of answers such as Veracrypt and Ciphershed.
Also – I need a portable utility. Nothing but TrueCrypt seems to qualify. Kind of tempted to CypherShed to be honest. But no (obvious) portable app, plus it’s one of those downloads that seems to require a degree in computer science to complete….
VeraCrypt is open source so any dubious code would get picked up immediately.
The original Truecrypt passed the two stage audit with some minor problems that were fixed in Veracrypt, then it was audited by the German government, and finally Google’s zero day project which found issues with the mounted drives and again it was fixed in Veracrypt. There were no backdoors found in any of the audits. After the issues with the mounted drives I switched to Veracrypt and it works fine on Windows and Linux. These days I’m more Linux than Windows so I would really only use the container function as Luks is good enough for me.
I can’t see any benefit of Ciphershed – it was slow at development and is trying to do exactly the same thing as Veracrypt. Perhaps if it took on a unique angle it might find its niche, however I’m afraid they have left things too late. Cross platform would be useful. What about an Android app?
If you are using anything other than TrueCrypt v7.1a, then you truly have no clue…
Or you don’t.
VeraCrypt.
Gotta love the release date year we see in the About screenshot…
Using 7.1a of TrueCrypt still. VeraCrypt was buggy when I last tested it and was unable to find a fix, it may have improved since but I am not sure.